diff options
Diffstat (limited to 'src/identity-token/identity-token.c')
-rw-r--r-- | src/identity-token/identity-token.c | 144 |
1 files changed, 124 insertions, 20 deletions
diff --git a/src/identity-token/identity-token.c b/src/identity-token/identity-token.c index 9f22f1671..dc0154c21 100644 --- a/src/identity-token/identity-token.c +++ b/src/identity-token/identity-token.c | |||
@@ -57,21 +57,23 @@ create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, | |||
57 | return GNUNET_OK; | 57 | return GNUNET_OK; |
58 | } | 58 | } |
59 | 59 | ||
60 | |||
61 | |||
60 | /** | 62 | /** |
61 | * Decrypts metainfo part from a token code | 63 | * Decrypts metainfo part from a token code |
62 | */ | 64 | */ |
63 | static int | 65 | static int |
64 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 66 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
65 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key, | 67 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key, |
66 | const char *enc_str, | 68 | const char *cyphertext, |
67 | size_t enc_str_len, | 69 | size_t cyphertext_len, |
68 | char **result_str) | 70 | char **result_str) |
69 | { | 71 | { |
70 | struct GNUNET_HashCode new_key_hash; | 72 | struct GNUNET_HashCode new_key_hash; |
71 | struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; | 73 | struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; |
72 | struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; | 74 | struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; |
73 | 75 | ||
74 | char *str_buf = GNUNET_malloc (enc_str_len); | 76 | char *str_buf = GNUNET_malloc (cyphertext_len); |
75 | size_t str_size; | 77 | size_t str_size; |
76 | 78 | ||
77 | //Calculate symmetric key from ecdh parameters | 79 | //Calculate symmetric key from ecdh parameters |
@@ -83,15 +85,16 @@ decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | |||
83 | &enc_key, | 85 | &enc_key, |
84 | &enc_iv); | 86 | &enc_iv); |
85 | 87 | ||
86 | str_size = GNUNET_CRYPTO_symmetric_decrypt (enc_str, | 88 | str_size = GNUNET_CRYPTO_symmetric_decrypt (cyphertext, |
87 | enc_str_len, | 89 | cyphertext_len, |
88 | &enc_key, | 90 | &enc_key, |
89 | &enc_iv, | 91 | &enc_iv, |
90 | str_buf); | 92 | str_buf); |
91 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Decrypted bytes: %d Expected bytes: %d\n", str_size, enc_str_len); | 93 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Decrypted bytes: %d Expected bytes: %d\n", str_size, cyphertext_len); |
92 | if (-1 == str_size) | 94 | if (-1 == str_size) |
93 | { | 95 | { |
94 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH invalid\n"); | 96 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH invalid\n"); |
97 | GNUNET_free (str_buf); | ||
95 | return GNUNET_SYSERR; | 98 | return GNUNET_SYSERR; |
96 | } | 99 | } |
97 | *result_str = GNUNET_malloc (str_size+1); | 100 | *result_str = GNUNET_malloc (str_size+1); |
@@ -103,37 +106,71 @@ decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | |||
103 | } | 106 | } |
104 | 107 | ||
105 | /** | 108 | /** |
109 | * Decrypt string using pubkey and ECDHE | ||
110 | */ | ||
111 | static int | ||
112 | decrypt_str_ecdhe2 (const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_privkey, | ||
113 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | ||
114 | const char *ciphertext, | ||
115 | size_t ciphertext_len, | ||
116 | char **plaintext) | ||
117 | { | ||
118 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
119 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
120 | struct GNUNET_HashCode new_key_hash; | ||
121 | |||
122 | //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt | ||
123 | *plaintext = GNUNET_malloc (ciphertext_len); | ||
124 | |||
125 | // Derived key K = H(eB) | ||
126 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (ecdh_privkey, | ||
127 | aud_key, | ||
128 | &new_key_hash)); | ||
129 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); | ||
130 | GNUNET_CRYPTO_symmetric_decrypt (ciphertext, | ||
131 | ciphertext_len, | ||
132 | &skey, &iv, | ||
133 | *plaintext); | ||
134 | return GNUNET_OK; | ||
135 | } | ||
136 | |||
137 | |||
138 | /** | ||
106 | * Encrypt string using pubkey and ECDHE | 139 | * Encrypt string using pubkey and ECDHE |
107 | * Returns ECDHE pubkey to be used for decryption | 140 | * Returns ECDHE pubkey to be used for decryption |
108 | */ | 141 | */ |
109 | static int | 142 | static int |
110 | encrypt_str_ecdhe (const char *data, | 143 | encrypt_str_ecdhe (const char *plaintext, |
111 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub_key, | 144 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub_key, |
112 | char **enc_data_str, | 145 | char **cyphertext, |
146 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | ||
113 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey) | 147 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey) |
114 | { | 148 | { |
115 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_privkey; | ||
116 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | 149 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; |
117 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 150 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
118 | struct GNUNET_HashCode new_key_hash; | 151 | struct GNUNET_HashCode new_key_hash; |
119 | 152 | ssize_t enc_size; | |
153 | |||
120 | // ECDH keypair E = eG | 154 | // ECDH keypair E = eG |
121 | ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); | 155 | *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); |
122 | GNUNET_CRYPTO_ecdhe_key_get_public (ecdh_privkey, | 156 | GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, |
123 | ecdh_pubkey); | 157 | ecdh_pubkey); |
124 | 158 | ||
125 | *enc_data_str = GNUNET_malloc (strlen (data)); | 159 | //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt |
160 | *cyphertext = GNUNET_malloc (strlen (plaintext)); | ||
126 | 161 | ||
127 | // Derived key K = H(eB) | 162 | // Derived key K = H(eB) |
128 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (ecdh_privkey, | 163 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, |
129 | pub_key, | 164 | pub_key, |
130 | &new_key_hash)); | 165 | &new_key_hash)); |
131 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); | 166 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); |
132 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n", data); | 167 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)", |
133 | GNUNET_CRYPTO_symmetric_encrypt (data, strlen (data), | 168 | plaintext, |
134 | &skey, &iv, | 169 | strlen (plaintext)); |
135 | *enc_data_str); | 170 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, strlen (plaintext), |
136 | GNUNET_free (ecdh_privkey); | 171 | &skey, &iv, |
172 | *cyphertext); | ||
173 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size); | ||
137 | return GNUNET_OK; | 174 | return GNUNET_OK; |
138 | } | 175 | } |
139 | 176 | ||
@@ -209,6 +246,65 @@ identity_token_add_json (const struct IdentityToken *token, | |||
209 | 246 | ||
210 | 247 | ||
211 | int | 248 | int |
249 | identity_token_parse2 (const char* raw_data, | ||
250 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, | ||
251 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | ||
252 | struct IdentityToken **result) | ||
253 | { | ||
254 | char *enc_token_str; | ||
255 | char *tmp_buf; | ||
256 | char *token_str; | ||
257 | char *enc_token; | ||
258 | char *header; | ||
259 | char *header_base64; | ||
260 | char *payload; | ||
261 | char *payload_base64; | ||
262 | size_t enc_token_len; | ||
263 | json_error_t err_json; | ||
264 | |||
265 | GNUNET_asprintf (&tmp_buf, "%s", raw_data); | ||
266 | strtok (tmp_buf, ","); | ||
267 | enc_token_str = strtok (NULL, ","); | ||
268 | |||
269 | enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str, | ||
270 | strlen (enc_token_str), | ||
271 | &enc_token); | ||
272 | if (GNUNET_OK != decrypt_str_ecdhe2 (priv_key, | ||
273 | aud_key, | ||
274 | enc_token, | ||
275 | enc_token_len, | ||
276 | &token_str)) | ||
277 | { | ||
278 | GNUNET_free (tmp_buf); | ||
279 | GNUNET_free (enc_token); | ||
280 | return GNUNET_SYSERR; | ||
281 | } | ||
282 | |||
283 | header_base64 = strtok (token_str, "."); | ||
284 | payload_base64 = strtok (NULL, "."); | ||
285 | |||
286 | GNUNET_STRINGS_base64_decode (header_base64, | ||
287 | strlen (header_base64), | ||
288 | &header); | ||
289 | GNUNET_STRINGS_base64_decode (payload_base64, | ||
290 | strlen (payload_base64), | ||
291 | &payload); | ||
292 | //TODO signature | ||
293 | |||
294 | |||
295 | *result = GNUNET_malloc (sizeof (struct IdentityToken)); | ||
296 | (*result)->aud_key = *aud_key; | ||
297 | (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); | ||
298 | (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); | ||
299 | GNUNET_free (enc_token); | ||
300 | GNUNET_free (token_str); | ||
301 | GNUNET_free (tmp_buf); | ||
302 | GNUNET_free (payload); | ||
303 | GNUNET_free (header); | ||
304 | return GNUNET_OK; | ||
305 | } | ||
306 | |||
307 | int | ||
212 | identity_token_parse (const char* raw_data, | 308 | identity_token_parse (const char* raw_data, |
213 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 309 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
214 | struct IdentityToken **result) | 310 | struct IdentityToken **result) |
@@ -342,6 +438,7 @@ identity_token_to_string (const struct IdentityToken *token, | |||
342 | int | 438 | int |
343 | identity_token_serialize (const struct IdentityToken *token, | 439 | identity_token_serialize (const struct IdentityToken *token, |
344 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 440 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
441 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | ||
345 | char **result) | 442 | char **result) |
346 | { | 443 | { |
347 | char *token_str; | 444 | char *token_str; |
@@ -357,6 +454,7 @@ identity_token_serialize (const struct IdentityToken *token, | |||
357 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, | 454 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, |
358 | &token->aud_key, | 455 | &token->aud_key, |
359 | &enc_token, | 456 | &enc_token, |
457 | ecdh_privkey, | ||
360 | &ecdh_pubkey)); | 458 | &ecdh_pubkey)); |
361 | GNUNET_STRINGS_base64_encode (enc_token, | 459 | GNUNET_STRINGS_base64_encode (enc_token, |
362 | strlen (token_str), | 460 | strlen (token_str), |
@@ -456,6 +554,7 @@ identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | |||
456 | char *token_code_str; | 554 | char *token_code_str; |
457 | char *dh_key_str; | 555 | char *dh_key_str; |
458 | char *write_ptr; | 556 | char *write_ptr; |
557 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | ||
459 | 558 | ||
460 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 559 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
461 | 560 | ||
@@ -465,8 +564,11 @@ identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | |||
465 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, | 564 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, |
466 | &identity_token_code->aud_key, | 565 | &identity_token_code->aud_key, |
467 | &enc_token_code_payload, | 566 | &enc_token_code_payload, |
567 | &ecdhe_privkey, | ||
468 | &identity_token_code->ecdh_pubkey)); | 568 | &identity_token_code->ecdh_pubkey)); |
469 | 569 | ||
570 | GNUNET_free (ecdhe_privkey); | ||
571 | |||
470 | purpose = | 572 | purpose = |
471 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 573 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
472 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E | 574 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E |
@@ -509,6 +611,7 @@ identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | |||
509 | 611 | ||
510 | int | 612 | int |
511 | identity_token_code_payload_parse(const char *raw_data, | 613 | identity_token_code_payload_parse(const char *raw_data, |
614 | ssize_t data_len, | ||
512 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 615 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
513 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, | 616 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, |
514 | struct IdentityTokenCodePayload **result) | 617 | struct IdentityTokenCodePayload **result) |
@@ -528,7 +631,7 @@ identity_token_code_payload_parse(const char *raw_data, | |||
528 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, | 631 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, |
529 | ecdhe_pkey, | 632 | ecdhe_pkey, |
530 | raw_data, | 633 | raw_data, |
531 | strlen (raw_data), | 634 | data_len, |
532 | &meta_str)) | 635 | &meta_str)) |
533 | { | 636 | { |
534 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Metadata decryption failed\n"); | 637 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Metadata decryption failed\n"); |
@@ -668,6 +771,7 @@ identity_token_code_parse (const char *raw_data, | |||
668 | 771 | ||
669 | 772 | ||
670 | identity_token_code_payload_parse (enc_meta, | 773 | identity_token_code_payload_parse (enc_meta, |
774 | enc_meta_len, | ||
671 | priv_key, | 775 | priv_key, |
672 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&token_code->ecdh_pubkey, | 776 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&token_code->ecdh_pubkey, |
673 | &token_code_payload); | 777 | &token_code_payload); |